German Foreign Office, Intelligence Services at odds over malware stance

Source: Xinhua| 2017-10-09 21:24:11|Editor: liuxin
Video PlayerClose

BERLIN, Oct. 9 (Xinhua) -- The German Foreign Office and Federal Intelligence Service (BND) are at odds over their attitudes towards the official use of "Zero-Day-Exploits" malware, the newspaper "Zeit" reports on Monday.

The so-called "Zero-Day-Exploits" make use of unknown security breaches in software, enabling hackers to infiltrate and manipulate IT systems without its developers having time to construct appropriate defenses. This form of malware is seen as a major threat to global digital security and has prompted a group of nations, including Germany, to launch efforts within the framework of the United Nations to ban the use of such methods by either public or private actors.

German diplomats have hereby run up against resistance by the BND, which, like many other intelligence agencies, has developed and purchased "Zero-Day-Exploits" in order to access information and launch cyber-attacks.

The official use of "Zero-Day-Exploits" by clandestine government agencies poses risks to individuals and organizations by leaving weaknesses in IT systems unresolved and unnoticed, potentially endowing digital criminals with the means to exploit software loopholes. Nevertheless, the BND considers the malware in question to be a highly-effective weapon in cyber conflicts and does not want to refrain from using it.

By stark contrast, the German Foreign Office is supporting a UN initiative which calls on its signatories to automatically publish any software vulnerabilities as soon as they are discovered. Several countries have announced their desire to negotiate an international moratorium, similar to those for chemical or nuclear weapons, on government use of malware.

The Federal Government refused to comment on the dispute, with the BND referring to the confidential nature of its activities.

The intelligence service told "ZEIT" that it was only able to respond to enquiries from the "Federal Government and relevant parliamentary committees."

An official response from the Interior Ministry to a parliamentary enquiry by German Social Democrat (SPD) delegate Saskia Esken obtained by "ZEIT" offered little in the way of further clarification.

"The sale, development and use of (IT) weaknesses and exploits by prosecution authorities is a relevant topic for the Federal Government," the statement reads. While Berlin was "intensely" considering potential problems, it hoped to develop an official "process" for the governmental handling of "Zero Days Exploits" which had "yet to be specified."

According to "Zeit", the ministerial response hereby alluded to a system adopted by the U.S. government in its oversight of agencies such as the National Security Agency (NSA).

Although Washington must decide whether security agencies can employ technical vulnerabilities on the basis of how much danger they pose to the general public, this "Vulnerabilities Equities Process" does not principally ban the official use of "Zero Day Exploits".

It remains unclear at this point which organization will oversee and approve the hacking activities of the BND.